Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1423)

high Nessus Plugin ID 298112

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1423 advisory.

In the Linux kernel, the following vulnerability has been resolved:

net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206)

In the Linux kernel, the following vulnerability has been resolved:

iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357)

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't log conflicting inode if it's a dir moved in the current transaction (CVE-2025-68778)

In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: only set free_cpus for online runqueues (CVE-2025-68780)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a UAF problem in xattr repair (CVE-2025-68784)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)

In the Linux kernel, the following vulnerability has been resolved:

iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/amd: Check event before enable to avoid GPF (CVE-2025-68798)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)

In the Linux kernel, the following vulnerability has been resolved:

KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)

In the Linux kernel, the following vulnerability has been resolved:

ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix readahead reclaim deadlock (CVE-2025-68821)

In the Linux kernel, the following vulnerability has been resolved:

Input: alps - fix use-after-free bugs caused by dev3_register_work (CVE-2025-68822)

In the Linux kernel, the following vulnerability has been resolved:

ntfs: set dummy blocksize to read boot_block when mounting (CVE-2025-71067)

In the Linux kernel, the following vulnerability has been resolved:

shmem: fix recovery on rename failures (CVE-2025-71072)

In the Linux kernel, the following vulnerability has been resolved:

scsi: aic94xx: fix use-after-free in device removal path (CVE-2025-71075)

In the Linux kernel, the following vulnerability has been resolved:

tpm: Cap the number of PCR banks (CVE-2025-71077)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080)

In the Linux kernel, the following vulnerability has been resolved:

drm/ttm: Avoid NULL pointer deref for evicted BOs (CVE-2025-71083)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)

In the Linux kernel, the following vulnerability has been resolved:

iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

In the Linux kernel, the following vulnerability has been resolved:

team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)

In the Linux kernel, the following vulnerability has been resolved:

e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: make ip6gre_header() robust (CVE-2025-71098)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)

In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kexec: Enable SMT before waking offline CPUs (CVE-2025-71119)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)

In the Linux kernel, the following vulnerability has been resolved:

iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVEd (CVE-2025-71122)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix string copying in parse_apply_sb_mount_options() (CVE-2025-71123)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Do not register unsupported perf events (CVE-2025-71125)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (CVE-2025-71130)

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)

In the Linux kernel, the following vulnerability has been resolved:

smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135)

In the Linux kernel, the following vulnerability has been resolved:

clk: samsung: exynos-clkout: Assign .num before accessing .hws (CVE-2025-71143)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: fix leaked ct in error paths (CVE-2025-71146)

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix a memory leak in tpm2_load_cmd (CVE-2025-71147)

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: restore destructor on submit failure (CVE-2025-71148)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure() (CVE-2025-71151)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.12 --releasever 2023.10.20260202' or or 'dnf update --advisory ALAS2023-2026-1423 --releasever 2023.10.20260202' to update your system.

Plugin Details

Severity: High

ID: 298112

File Name: al2023_ALAS2023-2026-1423.nasl

Version: 1.2

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 2/5/2026

Updated: 2/12/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-40170

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.64-87.122, p-cpe:/a:amazon:linux:bpftool6.12, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-tools, p-cpe:/a:amazon:linux:kernel6.12-libbpf-static, p-cpe:/a:amazon:linux:kernel6.12-libbpf-debuginfo, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-libbpf, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel6.12-libbpf-devel, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.12-debuginfo

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/5/2026

Vulnerability Publication Date: 11/12/2025

Reference Information

CVE: CVE-2025-40170, CVE-2025-68206, CVE-2025-68357, CVE-2025-68775, CVE-2025-68778, CVE-2025-68780, CVE-2025-68782, CVE-2025-68784, CVE-2025-68785, CVE-2025-68788, CVE-2025-68794, CVE-2025-68795, CVE-2025-68798, CVE-2025-68803, CVE-2025-68810, CVE-2025-68813, CVE-2025-68814, CVE-2025-68816, CVE-2025-68820, CVE-2025-68821, CVE-2025-68822, CVE-2025-71067, CVE-2025-71072, CVE-2025-71075, CVE-2025-71077, CVE-2025-71080, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71104, CVE-2025-71113, CVE-2025-71116, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71122, CVE-2025-71123, CVE-2025-71125, CVE-2025-71126, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71135, CVE-2025-71143, CVE-2025-71146, CVE-2025-71147, CVE-2025-71148, CVE-2025-71149, CVE-2025-71151, CVE-2025-71157

Detections

Analytics